The invention disclosed herein relates generally to the ability for a user to initiate a password protected backup of his credentials and, more particularly, to recovering his credentials even if the user forgets his password.
FIG. 1 shows a block diagram of an example Public Key Infrastructure (PKI) system architecture, according to the prior art. A PKI is a collection of servers and software that enables an organization, company, or enterprise to distribute and manage thousands of unique public/private cryptographic keys in a manner that allows users to reliably determine the identity of the owner of each public/private key pair. Public/private key pairs have the property that for any given public key there exists one and only one private key, and vice versa. If a particular message can be decrypted using one member of the key pair, then the assumption is that the message must have been encrypted using the other member.
Certificates may contain information identifying the owner of the key pair, the public component of the pair and the period of time for which the certificate is valid. The certificate may also identify technical information about the key itself, such as the algorithm used to generate the key, and the key length. Certificates are generated by organizations, companies, or enterprises that are responsible for verifying the identity of individuals to which certificates are issued. The certifying authority 100, in FIG. 1, signs each certificate using a private key known only to the certifying authority itself. By issuing a certificate, a certifying authority 100 is stating that it has verified that the public key that appears in the certificate belongs to the individual listed in the certificate.
Current PKIs that provide strong authentication of user identity accomplish this via the use of a Local Registration Authority Officer (LRAO) 120. LRAO 120 operates at a workstation or server platform 135 that runs a local registration authority 130. Server platform 135 may be any known computing device that may serve as a server, e.g. computer, workstation, etc. The local registration authority 130 interfaces with other server platforms that may contain applications such as the certifying authority 100 and registration authority 110.
A user 140, that is using or desires access to the PKI system architecture, accesses the system via a web browser 150 on a client platform 155. Typically, in current systems, user 140 presents a photo I.D. to the LRAO 120 in order to authenticate the user's identity. LRAO 120 then uses workstation 135 and local registration authority 130 to signal registration authority 110 to register new user 140 in the system.
A person's certificates and corresponding private or secret keys are typically included in the person's credentials. FIG. 2 shows a block diagram of a system in which a backup copy of user's credentials 220 being sent automatically from a credential store 200 to a central repository 240. The credential store 200 stores information concerning all the users who are registered with the central credential management and authorization center 230. Each user has its own credentials 220, which are stored within central database 210. The credential store 200 maintains the security of credentials 220 it has issued because it controls their storage, updating, revocation and also proxying. A copy of credential store 200 is automatically sent to central repository 240 each time something important changes in credential store 200. Central repository 240 then stores credentials 220 into storage 260.
FIG. 3 shows a block diagram of a recovery authority, according to one embodiment of the invention. Recovery authority 300 stores credentials 220 into storage systems 310. Each credential store 200, stored in the storage system 310, contains a number of unique recovery passwords for their own credential store 200. If a user 140 forgets his password to his credentials 220, he would contact a number of recovery authorities 300 to get the needed recovery passwords to open his credentials 220 and reset the password to a new one.
Prior to the present invention, these systems automatically initiated password protected backups of the user's credential store according to a fixed algorithm, without any involvement or input on the part of users or administrators. However, this created a problem because the only time user credentials 220 were sent to the credential store 200 was when something changed in the credential store 200. There is therefore a need for users to be able to initiate and control aspects of the backup process through a button in the user interface, which would increase flexibility and result in a more robust behavior in environments where the hard-coded algorithm is not satisfactory. In addition, in the past, recovery passwords were a hard coded length of 16 characters. Users were having trouble typing in 16 characters so they wanted recovery passwords of shorter length. There is therefore a need for more flexibility so that recovery authorities will not need to relay long information to users to recover credentials.